1. Fastmail
  2. Setup
  3. Other

API tokens

API tokens are developer keys used to access your account's information for integrations.

API tokens are not available to users on Basic subscription plans.

An API token grants access to your account's information. Treat your API token like an app password: only select the level of access that you need, and do not give an API token to anybody you do not trust.

Creating an API token

To create an API token:

  1. Log in to the Fastmail web interface and go to the Settings → Privacy & Security screen.
  2. Find the Connected apps & API tokens section. Click Manage API tokens.
  3. Click New API token.
    • A Verify it's you box may appear. Enter your password and click Continue. (For more information, see our Password-protected actions help page.)
  4. Enter a name to identify this API token. (Make sure it's something you will be able to read and understand in the future, in case you need to review or revoke access.)
  5. In the Type section, select whether you are looking to connect via JMAP or MCP.
  6. In the Scopes section, select the level of access your API token is granted.
  7. Click Generate API token.

The next page will display your new API token. Copy and paste the token into a safe place before you click the Done button in your Fastmail settings, as you will not be able to see it again.

Scopes

When creating an API token, you will be prompted to choose between different levels of access.

If you create an API token for use with JMAP, you can select the following levels:

  • Read-only access: You will be able to download and view your data, but your data cannot be changed.
  • Email: Grants access to download, modify, and permanently delete your mail.
  • Email submission: Grants access to send mail. (If you select this, Email must also be selected.)
  • Contacts and contact groups: Grants access to read, modify, and delete your contacts.
  • Masked Email: Grants access to see, create, and manage your Masked Email addresses.

If you create an API token for use with MCP, you can select the following levels:

  • Read data: Search and read your email, contacts, and calendars.
  • Make changes: Draft replies; move, delete, and organize your mail; and update your contacts and calendars.
  • Send email: Send email on your behalf.

Reviewing and removing API tokens

You can review an API token's access details at any time, which include the following:

  • What the API token has access to
  • The date and time access was first given
  • The date and time of most recent access

To review an API token's access details:

  1. Log in to the Fastmail web interface and go to the Settings → Privacy & Security screen.
  2. Find the Connected apps & API tokens section. Click Manage API tokens.
  3. Find the API token and click on it. 

You can remove an API token at any time if you no longer use or trust an app, or if you lose your device.

To remove an API token:

  1. Log in to the Fastmail web interface and go to the Settings → Privacy & Security screen.
  2. Find the Connected apps & API tokens section. Click Manage API tokens.
  3. Find the API token and click on it. 
  4. Click Remove access.
  5. Click OK if you are sure you want to continue, as this action cannot be undone.
    • A Verify it's you box may appear. Enter your password and click Continue. (For more information, see our Password-protected actions help page.)
  6. You will return to the API tokens screen, where you can confirm that the API token has been removed.

Where can I learn more about using API tokens?

If you're interested in learning more about writing integrations with Fastmail, a great place to start is reading our developer documentation.

API token integrations

Was this article helpful?
11 out of 28 found this helpful